enable-secure-admin-internal-user(1)  asadmin Utility Subcommands  enable-secure-admin-internal-user(1)

NAME
       enable-secure-admin-internal-user - Instructs the GlassFish Server DAS
       and instances to use the specified admin user and the password
       associated with the password alias to authenticate with each other and
       to authorize admin operations.

SYNOPSIS
           enable-secure-admin-internal-user
           [--help]
           [--passwordalias pwdaliasname]
           admin-username

DESCRIPTION
       The enable-secure-admin-internal-user subcommand instructs all servers
       in the domain to authenticate to each other, and to authorize admin
       operations submitted to each other, using an existing admin username
       and password rather than SSL certificates. This generally means that
       you must:

        1. Create a valid admin user.

               asadmin> create-file-user --authrealmname admin-realm --groups
               asadmin newAdminUsername

        2. Create a password alias for the just-created password.

               asadmin> create-password-alias passwordAliasName

        3. Use that user name and password for inter-process authentication
           and admin authorization.

               asadmin> enable-secure-admin-internal-user
               --passwordalias passwordAliasName
               newAdminUsername

       If GlassFish Server finds at least one secure admin internal user, then
       if secure admin is enabled GlassFish Server processes will not use SSL
       authentication and authorization with each other and will instead use
       username password pairs.

       If secure admin is enabled, all GlassFish Server processes continue to
       use SSL encryption to secure the content of the admin messages,
       regardless of how they authenticate to each other.

       Most users who use this subcommand will need to set up only one secure
       admin internal user. As a general practice, you should not use the same
       user name and password pair for internal admin communication and for
       admin user login.

       If you set up more than one secure admin internal user, you should not
       make any assumptions about which user name and password pair GlassFish
       Server will choose to use for any given admin request.

OPTIONS
       --help, -?
           Displays the help text for the subcommand.

       --passwordalias
           The password alias for the user that GlassFish Server should use
           for internally authenticating and authorizing the DAS to instances
           and the instances to the DAS.

OPERANDS
       admin-username
           The admin user name that GlassFish Server should use for internally
           authenticating and authorizing the DAS to instances and the
           instances to the DAS.

EXAMPLES
       Example 1, Specifying a user name and password for secure admin
           The following example allows secure admin to use a user name and
           password alias for authentication and authorization between the DAS
           and instances, instead of certificates.

               asadmin> enable-secure-admin-internal-user
               --passwordalias passwordAliasName
               newAdminUsername

EXIT STATUS
       0
           subcommand executed successfully

       1
           error in executing the subcommand

SEE ALSO
       enable-secure-admin(1)

       disable-secure-admin-internal-user(1)

       asadmin(1M)

Java EE 8              09 Aug 2017        enable-secure-admin-internal-user(1)
